Protecht.ERM Showcase: Manage the full lifecycle of risk management in one system
Register Now

In this video, David Tattam breaks down the questions you should be asking to better integrate risk management in your organisation's decision making.

Risk Management Front and Centre - Subtitles

Video Transcription:

Is risk management front and centre in your decision making?

Hi, I'm David Tattam, Director of Research and Training at Protecht Group.

One of the favorite challenges I have in risk management is the "So What?" question. Often we hear the why do we do risk management, because we have a risk register, because we have a heat map. The real question to ask is "So What?"

It really has to be focused on the outcomes of risk management rather than the process. One of the big answers I think, to the "So What" question in risk management is to help organisations make better decisions.

The question really is how can risk management be integrated into better decision making?

The approach we take at Protecht is to think about decision making at three levels. The first one is the "Can I" question, the second one is the "Should I" question and the final one is the "Would I" question.

Can I?

If we take the "Can I" question, it's really a question of, is the level of risk and the decision that I'm looking to make within my, or our organisation's, risk appetite? Our risk appetite there is to provide a boundary around what we are able to do in order to achieve our objectives.

The first test really is a risk appetite test. If the level of risk in the decision we are making is outside of appetite, the answer should be simply, "I can't" and that is it, unless of course we can change the risk appetite. If it is within risk appetite, then the answer is "I can but I might not wish to", so we move onto the second question, which is the "Should I" question.

Should I?

With the should I question we now bring in the partner to risk, which is reward. Rather a narrow focus, primarily focused on the shareholder, so financial rewards, financial risks, maybe employee risk, to weigh out whether the reward to the organisation is worth it for the level of risk we take.

Now if the reward is worth it, then "I should". If the reward is not worth it and it's lower than the risk we are taking, the answer is "I should not". If the answer is now "I should", we still might do it.

Would I?

Why, the third test, and the third test is the "Would I" test. This is where we personalise the decision. This is where we start thinking about the rewards and risk at a wider level, at a wider audience, the wider group of stakeholders. What is the reward and risk to my customers? What is the reward and risk to society, to the environment and this now takes the final check is, is the level of reward greater than the level of risk for all of my stakeholders?

If we pass that test we now have the "Can I", "Yes I can", "Should I", "Yes I should" and "Would I", "Yes I would". Now the final "Would I" I is really about personalising.

In the financial services sector we often ask the question, would you do this transaction with your family? Would you do this mortgage with your mother and your father? If the answer is yes, it passes the  "Would I" test, if it doesn't, it does not pass the  "Would I" test.

If you are looking to get a better answer about "So What" with your risk management, try looking at integrating it into your decision making.

In order to do that what do we need, we need good data. We need good data around a risk we are taking and the rewards we are taking. This then requires a good risk management framework collecting good risk information and dare I say, good enterprise risk management framework and system.

If you'd like to know more, please, please go look at our website. Also feel free to connect with me on LinkedIn. See you later and until next time, take care.

More about risk management and decision making

Facing challenges in making risk management decisions? See how you can find the optimal balance between risk and reward to make better decisions.

Learn more the relationship between good risk management and decision making in our article, From Risk Management to Management.


Need to brush up on Compliance and Compliance Risk Management? Check out our eBook below:

Banner_Compliance and Compliance Risk Management_Facebook_1200x600


Related Articles

feature image
Compliance Management, Protecht News & Events, Risk Management, Risk Reporting, Videos, Compliance Professionals

Modern Slavery - Being Prepared

Do you know what the Modern Slavery Act is and how it will impact your business? We had the opportunity to have Associate Professor Justine Nolan...
Read more
feature image
ERM, Risk Controls, Risk Manager, Risk Management Software, Videos, Webinars

Controls Assurance Webinar

Awesome Controls Assurance: The Confidence to Go Faster This event was done live on Oct.22nd 2019. Access the recording here. “The greatest potential...
Read more
feature image
ERM, Risk Assessment, Risk Management Software, Videos, Risk Management Framework, Webinars

Protecht.ERM System Demo APAC -Recording

Enterprise Risk Management = Integrated Risk Management in Protecht.ERM This event was done live on 10 September 2019. Access the recording here. In...
Read more